How to activate Windows Error Reporting on Windows 7 / Server 2008 to create Crash Dumps

Document ID : KB000088284
Last Modified Date : 14/04/2018
Show Technical Document Details
Issue:
Affects Release version(s): null

How to activate Windows Error Reporting on Windows 7 / Server 2008 to create Crash Dumps
Resolution:
Use case: In some cases, when components (e.g. Agents) crash on a Windows machine, it is helpful to activate Dumps. These Dumps can help development analyzing the root cause. To create such dumps in a case of an crash, it is necessary to activate Windows Error Reporting. How to do this is described below. It is valid for all Windows version starting with Windows Server 2008 and Windows Vista with Service Pack 1 (SP1). By default, Windows Error Reporting is disabled on a Windows machine.

Activating Windows Error Reporting:
  1. In Windows Start Menu, type regedit
  2. When found, right click on regedit.exe and select "Run as Administrator"
  3. Go to registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting
  4. In this key, the following entries must be created:
Value
Description
Type
Values
DumpFolder
The path where the dump files are to be stored. If you do not use the default path, then make sure that the folder contains ACLs that allow the crashing process to write data to the folder.

For service crashes, the dump is written to service specific profile folders depending on the service account used. For example, the profile folder for System services is %WINDIR%\System32\Config\SystemProfile. For Network and Local Services, the folder is %WINDIR%\ServiceProfiles.

REG_EXPAND_SZThe default is
%LOCALAPPDATA%\CrashDumps
Please make sure there is enough disk space
DumpCount
The maximum number of dump files in the folder. When the maximum value is exceeded, the oldest dump file in the folder will be replaced with the new dump file.REG_DWORDDefault 10
DumpType
Specify one of the following dump types:
  • 0: Custom dump
  • 1: Mini dump
  • 2: Full dump
REG_DWORDFor a detailed analysis, please always use 2


These registry values represent the global settings. You can also provide per-application settings that override the global settings. To create a per-application setting, create a new key for your application under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps (for example, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps\MyApplication.exe). Add your dump settings under the MyApplication.exe key. If your application crashes, WER will first read the global settings, and then will override any of the settings with your application-specific settings.

After an application crashes and prior to its termination, the system will check the registry settings to determine whether a local dump is to be collected. After the dump collection has completed, the application will be allowed to terminate normally. If the application supports recovery, the local dump is collected before the recovery callback is called.

You can test these settings with the Automic tool UCYBCRSH.EXE. It causes a purposeful program crash in order to test the corresponding impacts. This debugging program is found in ..\tools\nosupp. If you start it without parameters or with the parameter "div", the program crash "divide by zero" (exception number 0000094) is caused by default.

For example: C:\UC4\TOOLS\UCYBCRSH.EXE div

If it is opened using the parameter  "acc" the error "access violation" is caused.

For example: C:\UC4\TOOLS\UCYBCRSH.EXE acc

To test the per-application setting, you can copy and rename the exe-file.